From d3f84bf2798f629327b681a9c9e3dd1ecb434b418ced84fef86c224e64f2b23d Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Sat, 16 Oct 2021 09:37:37 +0000
Subject: [PATCH] Accepting request 925461 from home:jsegitz:branches:systemdhardening_protectclock - Drop ProtectClock hardening, can cause issues if other device acceess is needed
OBS-URL: https://build.opensuse.org/request/show/925461
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ipmiutil?expand=0&rev=44
---
 harden_ipmi_port.service.patch | 3 +--
 harden_ipmiutil_asy.service.patch | 3 +--
 harden_ipmiutil_evt.service.patch | 3 +--
 harden_ipmiutil_wdt.service.patch | 3 +--
 ipmiutil.changes | 5 +++++
 5 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/harden_ipmi_port.service.patch b/harden_ipmi_port.service.patch
index c77eab4..d2f1727 100644
--- a/harden_ipmi_port.service.patch
+++ b/harden_ipmi_port.service.patch
@@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmi_port.service
 ===================================================================
 --- ipmiutil-3.1.7.orig/scripts/ipmi_port.service
 +++ ipmiutil-3.1.7/scripts/ipmi_port.service
-@@ -3,6 +3,18 @@ Description=ipmiutil ipmi_port service
+@@ -3,6 +3,17 @@ Description=ipmiutil ipmi_port service
 After=network.target
 
 [Service]
@@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmi_port.service
 +ProtectSystem=full
 +ProtectHome=true
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelTunables=true
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
diff --git a/harden_ipmiutil_asy.service.patch b/harden_ipmiutil_asy.service.patch
index efb93f1..470227d 100644
--- a/harden_ipmiutil_asy.service.patch
+++ b/harden_ipmiutil_asy.service.patch
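Review bot: Dropping `ProtectClock=true` outright in the second hunk of harden_ipmi_port.service.patch (and identically in the asy, evt and wdt patches) also gives up protections unrelated to the device problem named in the changelog. Per systemd.exec(5) the option removes CAP_SYS_TIME and CAP_WAKE_ALARM from the bounding set and filters clock-setting system calls; the device breakage most likely comes from its implied `DeviceAllow=char-rtc r`, which switches the unit to a device allow-list. If the device nodes these services open are known, consider keeping `ProtectClock=true` and adding explicit `DeviceAllow=` entries for them instead. Otherwise, leave a comment in each unit such as `# ProtectClock= omitted: implies DeviceAllow=char-rtc r, which blocks other device access`, so a later hardening pass does not silently re-add it. The hardening list continues outside the hunk, so it is not visible here whether `DeviceAllow=` or `PrivateDevices=` are already set.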
@@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_asy.service
 ===================================================================
 --- ipmiutil-3.1.7.orig/scripts/ipmiutil_asy.service
 +++ ipmiutil-3.1.7/scripts/ipmiutil_asy.service
-@@ -3,6 +3,18 @@ Description=ipmiutil Async Bridge Agent
+@@ -3,6 +3,17 @@ Description=ipmiutil Async Bridge Agent
 After=network.target
 
 [Service]
@@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_asy.service
 +ProtectSystem=full
 +ProtectHome=true
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelTunables=true
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
diff --git a/harden_ipmiutil_evt.service.patch b/harden_ipmiutil_evt.service.patch
index e39a0c3..0f3bd05 100644
--- a/harden_ipmiutil_evt.service.patch
+++ b/harden_ipmiutil_evt.service.patch
@@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_evt.service
 ===================================================================
 --- ipmiutil-3.1.7.orig/scripts/ipmiutil_evt.service
 +++ ipmiutil-3.1.7/scripts/ipmiutil_evt.service
-@@ -3,6 +3,18 @@ Description=ipmiutil Event Daemon
+@@ -3,6 +3,17 @@ Description=ipmiutil Event Daemon
 After=network.target
 
 [Service]
@@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_evt.service
 +ProtectSystem=full
 +ProtectHome=true
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelTunables=true
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
diff --git a/harden_ipmiutil_wdt.service.patch b/harden_ipmiutil_wdt.service.patch
index 2276287..965efbe 100644
--- a/harden_ipmiutil_wdt.service.patch
+++ b/harden_ipmiutil_wdt.service.patch
@@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_wdt.service
 ===================================================================
 --- ipmiutil-3.1.7.orig/scripts/ipmiutil_wdt.service
 +++ ipmiutil-3.1.7/scripts/ipmiutil_wdt.service
-@@ -3,6 +3,18 @@ Description=ipmiutil Watchdog Timer Serv
+@@ -3,6 +3,17 @@ Description=ipmiutil Watchdog Timer Serv
 After=network.target
 
 [Service]
@@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_wdt.service
 +ProtectSystem=full
 +ProtectHome=true
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelTunables=true
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
diff --git a/ipmiutil.changes b/ipmiutil.changes
index 6a896e1..9875a22 100644
--- a/ipmiutil.changes
+++ b/ipmiutil.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct 15 12:12:08 UTC 2021 - Johannes Segitz
+
+- Drop ProtectClock hardening, can cause issues if other device acceess is needed
+
 -------------------------------------------------------------------
 Wed Sep 22 14:47:30 UTC 2021 - Johannes Segitz